SAS 70:

Network security

Oct 1 2008   4:26AM GMT

Back to basics – Security awareness and education – SAS70



Posted by: sas70expert
Network security, Incident response, Security, Security Program Management, Network, CIO, SAS 70

For any security program, you must start at the basics and begin with an information security plan. In a SAS 70 audit, an auditor will examine a CIO’s operations to determine that you have security program management and incident response in place, and that appropriate training is provided to your employees. Your security plan should include at least:

· Procedures to protect and provide access to IT systems and applications

· Procedures to report incidents when they occur

· Investigation practices required to prevent future incidents

· The right to revoke any user access at any time

Training should occur regularly for all employees and no employee should be granted access to your systems without taking your company’s network security training. Do you have a plan in place? If so, send me a generic sample and I will share it with our readers.


Jul 9 2008   2:34AM GMT

If data is your diamond, why aren’t you protecting it? SAS70



Posted by: sas70expert
Security management, Third-party services, Network security, Security, Information risk management, Compliance, Encryption, Auditing, CIO, DataCenter, DataManagement, CFO, SAS 70, CSO, Intrusion management

Various transport methods, such as email, instant messaging, FTP, and encryption, have been implemented to share files and data between companies. But many of these methods fall short on security, manageability, and the ability to track and log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that the privacy and security of data be maintained. There are some new tools on the market, including Linxter (http://linxter.com), a data transfer technology that enables programs to communicate through secure, reliable, and auditable channels. These are hyper-connective communication channels that can be managed using a web-based tool. What data transfer methods are you using, and are they secure, manageable, and auditable?

sas70expert@gmail.com




Jul 4 2008   12:30PM GMT

To IM or not to IM is the question? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Network security, Security, Network monitoring, Information risk management, Compliance, Auditing, Access, Network, CIO, DataCenter, CEO, CFO, SAS 70, Intrusion management

Yahoo Messenger, Google Talk, and AIM Messenger instant messaging services are frequently used by employees today for work and social networking. Fewer than 10% of companies today have policies, and those that do have policies do not enforce them. Many SAS70 audits find instant messaging software installed within corporate environments, where it may introduce malicious code or cause the loss of sensitive data. Therefore, should IM security software be a standard installation, whether in the form of email and internet security tools, appliances, or third-party hosted solutions? IM security software would protect against incoming Trojan horses and viruses, detect outgoing data loss by using content filtering, log and archive all IM messages, and ensure compliance with company policy. Are you using IM security software protection? If so, which one, and is it on a third-party hosted platform? Have you found it to be effective?

sas70expert@gmail.com


Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, budgeting, CSO

It’s an election year, and security to protect some of our most valuable assets is being discussed more frequently, including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage the risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?

SAS70expert@gmail.com

 


Jun 30 2008   3:19AM GMT

DataCenters that go Green! – SAS70



Posted by: sas70expert
Third-party services, Networking, Network security, Network monitoring, Strategic Enterprise Management, Microsoft Windows, Management, Database Management Systems, Industry Solutions, Data center operations, Network Management Systems, Blackberry, Data center design, CIO, Mobile, DataCenter, DataManagement, CEO, CFO, storage arrays, cooling systems, Exchange, power systems, SAS 70, CSO, Rack systems

Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere requires more capacity and increasing speeds of datacenter components. What steps are you taking to become Green?



Jun 26 2008   4:30AM GMT

What’s your data loss prevention strategy? – SAS70



Posted by: sas70expert
Security management, Third-party services, Database issues, Networking, Network security, Firewalls, Incident response, Security, Network monitoring, Identity & Access Management, Information risk management, routers, Management, Security Program Management, Compliance, Viruses, Database, patching, Configuration, Database Management Systems, business/IT alignment, Auditing, Monitoring, Access, Access control, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Security tokens, Patch management, CFO, router configuration, SAS 70, CSO, Intrusion management, TrendMicro

Are you reviewing your firewall rules quarterly? Have you implemented an intrusion detection system (IDS)? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of money that should have been spent on IT projects. You should at least have an emergency plan in place for when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.